Closed apassy closed 3 months ago
This has been reported in #5732. You need to give the full ARN of the secret, not just its name.
Same error when using the full ARN.
Hey @apassy, please see my response here and see if it helps clarify anything for you. In the meantime, can you try specifying the secret ARN instead of just the name?
Tried with full ARN
secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
  adc_reader:
    secretsmanager: 'arn:aws:secretsmanager:us-east-1:<acct>:secret:ReportWriter_ADC_DB-<random>'
  dropbox_writer:
    secretsmanager: 'arn:aws:secretsmanager:us-east-1:<acct>:secret:DropboxReportWriter-<random>'
  infra_reader:
    secretsmanager: 'arn:aws:secretsmanager:us-east-1:<acct>:secret:ReportWriter_Infrastructure_DB-<random>'
✘ Latest 2 tasks stopped reason
- [955086cd,9b359892]: ResourceInitializationError: unable to pull secre
ts or registry auth: execution resource retrieval failed: unable to re
trieve secret from asm: service call has been retried 1 time(s): secre
ts manager: failed to retrieve secret from arn:aws:secretsmanager:us-e
ast-1:<acct>:secret:arn:aws:secretsmanager:us-east-1:49115046704
7:secret:ReportWriter_ADC_DB-<random>: unexpected ARN format with parame
ters when trying to retrieve ASM secret
@apassy remove the _ and any - in the last segment of your secret.
@Lou1415926 we just had this issue where our copilot services could not access secrets where the last segment had a hyphen.
Example that didn't work: common/data/lookup-id
Example that did work: common/data/lookupid
It appears if the hyphen is in a previous segment, but not the ending segment, it's fine, such as:
Works fine: api-common/lookupid
No matter what you'll get an error about accessing the secret.
I think this is still a bug. All my secrets are working fine in my first environment, but now I'm seeing this error when trying to deploy to a new environment.
@ssyberg can you check if the secrets are properly tagged with copilot-application etc.? Are you using the same secrets for both envs?
It was totally the tagging, I missed that sentence in the docs!
This issue is stale because it has been open 60 days with no response activity. Remove the stale label, add a comment, or this will be closed in 14 days.
This issue is closed due to inactivity. Feel free to reopen the issue if you have any further questions!
Other Closed Issues related to tagging.
Description:
I'm trying to deploy a service that I previously deployed just fine, but I added a secrets section to the manifest, and now it's failing.
Details:
Copilot ver: 1.33.1 running on Windows 11
Load-balanced web app
Additional manifest lines:
Error:
Secrets are tagged with the copilot-application and copilot-environment and those match what I'm using.
Expected result:
expected successful deployment
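
A pre-deploy check for the two causes that came up in this issue, as an added example that is not part of the thread or of Copilot's own code: it flags `secretsmanager:` values that are already full ARNs (the doubled prefix visible in the stopped-task reason) and compares a secret's `copilot-application` and `copilot-environment` tags with the app and environment being deployed. The function names, the app name `reports`, the environment names and all sample values are constructed; the `Tags` list follows the shape of the Secrets Manager `DescribeSecret` response.

```python
# Added example (not from the issue thread). Sample data below is constructed.
REQUIRED = ("copilot-application", "copilot-environment")


def arn_under_secretsmanager(secrets):
    """Names of manifest variables whose `secretsmanager:` value is already a full ARN.

    The stopped-task reason in this thread shows such a value with a second
    ARN prefix placed in front of it ("...:secret:arn:aws:secretsmanager:...").
    """
    flagged = []
    for var, value in secrets.items():
        if isinstance(value, dict) and str(value.get("secretsmanager", "")).startswith("arn:"):
            flagged.append(var)
    return flagged


def tag_problems(describe_secret, app, env):
    """Compare a DescribeSecret response's Tags with the app/env being deployed."""
    tags = {t["Key"]: t["Value"] for t in describe_secret.get("Tags", [])}
    problems = []
    for key, want in zip(REQUIRED, (app, env)):
        got = tags.get(key)
        if got is None:
            problems.append(f"{key}: missing")
        elif got != want:
            problems.append(f"{key}: tagged {got!r}, deploying {want!r}")
    return problems


# Constructed manifest `secrets:` section, already parsed from YAML.
SAMPLE_SECRETS = {
    "adc_reader": {"secretsmanager": "arn:aws:secretsmanager:us-east-1:111122223333:secret:ExampleDb-AbCdEf"},
    "infra_reader": {"secretsmanager": "ExampleInfraDb"},
    "api_key": "/copilot/reports/test/secrets/API_KEY",
}
# Constructed DescribeSecret response for a secret tagged for the "test" environment only.
SAMPLE_DESCRIBE = {
    "Name": "ExampleInfraDb",
    "Tags": [
        {"Key": "copilot-application", "Value": "reports"},
        {"Key": "copilot-environment", "Value": "test"},
    ],
}

if __name__ == "__main__":
    print("ARN under secretsmanager:", arn_under_secretsmanager(SAMPLE_SECRETS))
    for env in ("test", "prod"):
        print(env, tag_problems(SAMPLE_DESCRIBE, "reports", env) or "tags OK")
```

The second case mirrors the report of secrets that work in a first environment and fail in a new one: the tag values have to match the environment being deployed, not just exist.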